- Full summary in Pro version
- 14 more key points in Pro version
- 3 more common mistakes in Pro version
- 3 more exam tips in Pro version
- 45 more related questions in Pro version
Summary
SAA-C03 security scenarios usually start with identity boundaries. IAM roles are preferred when AWS services, applications, or users need permissions without long-term access keys. AWS STS issues temporary credentials when a role is assumed, and cross-account roles are the clean pattern for granting access into another AWS account. IAM Identity Center and federation fit workforce sign-in scenarios where users authenticate through an external identity provider and receive role-based AWS access.
Key Points
- IAM Role: An AWS identity with permissions that can be assumed by a trusted service, user, application, or account instead of using long-term keys.
Common Mistakes
- Creating IAM users with long-term keys when the scenario asks for temporary delegated access through IAM roles and STS.
Exam Tips
- Use IAM roles and STS for temporary access, especially across accounts.